
Q & A

 

Q&A: How your typing and screen swiping nuances can verify your identity

The recent data breaches at Timehop and Macy’s are the latest harbingers of what’s in store for companies that fail to vigorously guard access to all of their mission-critical systems.

Related podcast: Why identities are the new firewall

A common thread to just about every deep network breach these days is the failure of the victimized entity to effectively deploy multi-factor authentication (MFA) to at least make it harder for threat actors to access their sensitive systems.

Compromised accounts came into play in data breaches of Uber, Tesla, Gemalto, Aviva, Equifax and many others. Threat actors are authenticating themselves at numerous junctures in order to gain deep access and deliver malicious payloads without being detected.

And with “digital transformation” accelerating, there are so many more weakly-secured login accounts just waiting to be maliciously manipulated.

Generally speaking, companies have yet to fully address authentication weaknesses with respect to their legacy on-premises systems. And yet they are doubling down on public cloud services, as well as increasing their dependence on an entire new solar system of software “microservices” and “containers” that come and go.

The vast majority of these new, interconnected components and layers that make up digital transformation require login accounts, which translates into a fresh galaxy of attack vectors.

The good news is that this is a solvable problem. The Identity Access Management (IAM) space is one of the more mature subsectors of the cybersecurity industry. And IAM vendors are innovating like crazy. They are bringing data-analytics, machine-learning and behavioral biometrics to bear, to help companies more effectively manage account authentication, without slowing down digital transformation.

For instance, IAM supplier Optimal IdM recently announced that it is partnering with TypingDNA to add “typing behavior analysis” as an added feature to its core MFA services. I asked Chris Curcio, vice-president of channel sales at Optimal IdM, to set the wider context. Here are excerpts of the interview, edited for clarity and length. …more

Q&A: Crypto jackers redirect illicit mining ops to bigger targets — company servers

By Byron V. Acohido

Illicit crypto mining is advancing apace.

It was easy to see this coming. It began when threat actors began stealthily embedding crypto mining functionality into the web browsers of unwitting individuals. Cryptojacking was born. And now, the next-level shift is underway.

Related article: Illicit crypto mining hits cloud services

Cybercriminals have shifted their focus to burrowing onto company servers and then redirecting those corporate computing resources to crypto mining chores. They are doing this using both tried-and-true, as well as leading-edge, hacking techniques.

I recently unwrapped these developments in a discussion with Liviu Arsene, senior security analyst at Bitdefender, which has been closely monitoring this trend. One key bit of intelligence Bitdefender shares in a whitepaper is a breakdown of how EternalBlue has come into play, once again.

You may recall EternalBlue was one of the cyber weapons stolen from the NSA and used in the milestone WannaCry ransomware attack in the spring of 2017. WannaCry used EternalBlue to deploy a self-spreading worm to help rapidly spread a globe-spanning ransomware campaign. It also used PowerShell and Windows Management Instrumentation script to infect the victim, followed by Mimikatz to pull logins and passwords from a computer’s memory in order to move laterally across the infrastructure.

And now in 2018 EternalBlue is propagating a very similar worm, dubbed WannaMine, that has been seeking company servers to infect – and redirect to crypto mining chores – in 150 countries.

This is part of a rising number of advanced attacks designed to penetrate data centers of private and public cloud infrastructures which have the computing resources coveted by crypto miners.

The criminals aren’t asking for any ransom. They’re just taking – or more precisely, consuming — what they want: …more

National Cybersecurity Alliance advocates ‘shared responsibility’ for securing the Internet

By Byron V. Acohido

The targeting of Sen. Claire McCaskill by Russian intelligence agency hackers, as she runs for re-election, underscores the need for each individual and organization to take online privacy and security as a core part of our everyday lives.

Related: Using ‘gamification’ for security training

The National Cyber Security Alliance is a non-profit group, underwritten by the top tech companies and biggest banks, that has been out there since 2001 promoting best practices and supplying programs to engrain this mindset in our society. NCSA operates the StaySafeOnline website that provides a variety of cybersecurity educational resources and programs.

I sat down with Russ Schrader, NCSA’s new executive director, who outlined the terrific resources NCSA makes available. One program, for instance, puts on workshops for Congressional staffers and other federal employees on how to recognize and avoid nation-state backed hackers looking to interfere in elections.

For a full drill down on our conversation, please listen to the accompanying podcast. Here are excerpts, edited for clarity and length:

LW: What is the National Cyber Security Alliance?

Schrader: We are a leading nonpartisan, nonprofit group that’s very involved as a convener of experts to talk about a number of the top issues in cybersecurity. We also have a lot of educational programs that reach far beyond the insular, cybersecurity expert areas.

LW: How did this organization get started?

Schrader: The legacy is a group of CISOs from companies like Facebook, Google, Microsoft, Cisco, Oracle, Mastercard, Visa, Bank of America, Wells Fargo and a lot of others. They built a very robust group of committed cybersecurity professionals in their own businesses. But they also realized there was a greater good in encouraging safety and security of the Internet, as it becomes more and more an important part of people’s lives.

LW: Your high-level mission, as I understand it, is generally to build the level of awareness across the board?

Schrader: Absolutely. We have a lot of programs geared toward education at a lot of different levels. In addition to the consumer levels that we’re doing, we also work with people on the Hill, and try to help them during this election time, or when there may be unfriendly actors trying to hack into their e-mails or hijack their social media accounts. …more

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives.

One of the more fascinating innovators in this space is 11-year-old DataLocker, based in Overland Park, Kansas.

Related: How DataLocker got its start

Co-founder Jay Kim took a business trip to South Korea in the fall of 2007. A chance meeting – in an elevator, no less – led to Kim veering over to the cybersecurity industry.

DataLocker honed its patented approach to manufacturing encrypted portable drives and landed some key military and government clients early on; the company has continued branching out ever since. DataLocker has grown to 40 employees and this summer moved its headquarters to a larger office, with room to grow.

I recently had the chance to visit with Shauna Park, channel manager at DataLocker. We discussed why encrypted flash drives have become established as a must-have portable business tool in the digital age. For a full drill down please listen to the accompanying podcast. Here are excerpts edited for clarity and length.

LW: With all the wonders of the digital age, it’s fascinating how important it can be to have an encrypted drive in the palm of your hand when you really need one.

Park: Exactly. The encryption in our products is handled by a chip inside the actual hardware itself. So it’s easy to use for anybody; you don’t have to know how to do encryption. The hardware itself takes care of it for you. All the user needs is a strong password to access the data.

LW: Where do encrypted drives typically come into play in a business setting? …more

Q&A: Here’s why it has become vital for companies to deter ‘machine-identity thieves’

By Byron V. Acohido

We’re undergoing digital transformation, ladies and gentlemen. And we’re in a nascent phase where clever advances are blossoming even as unprecedented data breaches arise in parallel.

The latest example of this dichotomy comes from Timehop, a service that enables social media users to plug into their past. On Sunday, Timehop shared details about how a hacker got into their network, conducted several reconnaissance forays, and then moved swiftly on July 4th to pilfer personal information for 21 million Timehop users, including their social media “access tokens.”

Related article: How DevOps contributed to the Uber hack

Much like the recent hacks of Uber and Tesla, the Timehop caper revolved around the attackers manipulating admin credentials and maneuvering extensively through Timehop’s cloud environment.

I recently had a fascinating conversation with Jeff Hudson, CEO of Venafi, about why we are currently in a situation where criminally motivated actors are proving to be every bit as innovative as legitimate businesses, when it comes to leveraging cloud services, and developing breakthrough uses of mobile computing and the Internet of things.

Venafi is a leading supplier of machine identity protection; it helps companies secure authentication and privileged access to key components of critical systems. As such, Hudson argues persuasively that the root of the matter comes down to the need for organizations to keep a much closer account of access logons and encryption keys. And they must do this, not just for human users, but especially for machine-to-machine communications.

For a drill down on our conversation, please listen to the accompanying podcast. Here are excerpts edited for clarity and length.

LW: Can you frame what’s going on with identities when it comes to digital transformation? …more

As 2-factor authentication falls short, ‘adaptive multi-factor authentication’ goes mainstream

By Byron V. Acohido

The use of an additional form of authentication to protect the accessing of a sensitive digital system has come a long way over the past decade and a half.

Most individuals today are nonplussed when required, under certain circumstances, to retrieve a one-time passcode, pushed out in a text message to their smartphone, and then type the passcode to gain access to a privileged account.

Related: Why data science is the key to securing networks

An Israeli start-up, Silverfort, is seeking to make a great leap forward in the state-of-the-art of authentication systems. Silverfort has introduced new technology that is designed to help corporations address unprecedented authentication exposures spinning out of ‘digital transformation.’

I recently visited with Silverfort CEO Hed Kovetz, who described how the idea for the company percolated when the co-founders were toiling in the encryption branch of Unit 8200, the elite cybersecurity arm of the Israeli military.

Kovetz recounted how he and two colleagues came up with the idea for a centralized authentication appliance that uses machine learning to recognize the logon patterns of all employees, and then makes strategic use of that analysis in real time.

Having visited with several cybersecurity companies marketing cutting-edge authentication technologies, it has become clear to me that advanced authentication technologies will play an important role, going forward, in helping enterprises build out ‘hybrid’ networks that tap deeper into cloud services and the Internet of Things. This is what digital transformation is all about.

For a drill down on Silverfort’s bold approach to the authentication part of the equation, please listen to the accompanying podcast. Here are excerpts edited for clarity and length:

LW: How did Silverfort get started?

Kovetz: All of us worked together very closely in Unit 8200, a cyber intelligence unit inside the Israeli army. The three of us worked a lot on these areas and really understood some of the challenges that we wanted to handle. …more

Security start-up deploys advanced AI, aka ‘deep learning,’ to detect malware on endpoints

By Byron V. Acohido

Based in Tel Aviv, Israel, Deep Instinct was one of the more intriguing cybersecurity vendors I had the privilege of spending some time with at RSA Conference 2018.

The company lays claim to being the first to apply “deep learning” to a truly innovative protection system that extends machine learning and artificial intelligence down to the level of every computer and mobile device of each employee.

Accompanying podcast: Deep Instinct pioneers AI-infused endpoint security

The company has been doing something right. Launched in 2015, it has grown rapidly to 100 employees. It has attracted $32 million in venture funding and won a satchel full of industry awards, including being named Dark Reading’s “most innovative startup” at Black Hat Las Vegas last summer.

Deep learning is an advanced branch of machine learning and artificial intelligence. It works by sifting through the oceans of data that course through a company’s network in a series of layers, referred to as a neural network. This layered, systematic approach to making cross correlations is modeled after the human brain.

Once it is switched on, deep learning never stops. The more data fed into its algorithms, the more accurately the system recognizes things it was designed to recognize, in this case fresh malware variants. If that sounds like a gargantuan computing task, it is.

Deep Instinct’s founders not only crafted proprietary algorithms to achieve this, they also innovated a way to distribute the results (malware alerts) down to the level of personal computing devices.

Jonathan Kaftzan, vice president of marketing, walked me through how these breakthroughs are helping companies protect their networks. For a full drill down on our discussion, please listen to the accompanying podcast. Here are excerpts of our discussion edited for clarity and length:

LW: What’s deep learning all about? …more